We have system-wide firewall rules in place (layer 3 and 7) that are pretty basic... disallow adult sites, gambling, etc. These work fine.
I created a new group policy to further restrict traffic and applied it to only one computer via the specific client page. But it's not working - that computer can still get through. Our network is pretty simple - we don't have any other group policies in effect.
Some things I've tried:
- Just waiting to see if it takes some time to take effect
- Moving the client back to "normal" profile, waiting, then moving it back to my custom GP
- Removing the firewall rules in the GP, waiting, then re-applying.
- If I move one of the GP rules to the system-wide firewall rules, that works.
Any ideas? Feel like I'm missing something obvious here, but everything looks to be set correctly. Thanks!!
They are only applied when the client reconnects. Have you tried that?
More troubleshooting tips are here:
Thanks... are you saying that I have to physically disconnect the computer from the LAN (unplug the ethernet cable) and reconnect? Or is there some other disconnect you're referring to? This PC is always hard-wired in today... That's going to be a real pain if I have to do that for every PC I need to apply group policies for.
Well, it's a sure way to get the policy to apply immediately. The problem is that otherwise flows could be kept open. Can you try cycling the port the client is connected to?
So I unplugged the machine this morning, replugged it, and the restrictions still aren't taking effect. This seems like such a simple thing but I can't figure out why it's not working.
What are you using to test? I'll have a try here to see if it works for me.